Target to pay $18.5M settlement for 2013 data breach

Author

Published

Share it

Dive Brief:

Target has agreed to pay a bulk settlement of $18.5 million to be distributed among 47 state governments and Washington, D.C., as it moves a step closer to settling all claims related to its huge 2013 holiday season data breach, Reuters reported.

California will receive more than $1.4 million from the settlement, the largest share of any state. The multi-state investigation into the incident was led by the Attorneys General of Connecticut and Illinois.

A spokeswoman for the retailer also told Reuters that Target has reached an agreement on a settlement for the remaining consumer class action lawsuit related to the breach, but the company is still awaiting final court approval on that proposed settlement.

Dive Insight:

About three and a half years after the security breach occurred, Target is still trying to put the incident behind it. And the price it is paying to do so doesn't come only in the form of court settlements. Three years ago, Target estimated the cost of the security breach to its bottom line at $150 million, though the Reuters reports the real cost was likely more than $200 million.

The incident won't be truly put in the past until the company can resolve the consumer class action settlement, which involves more than 200,000 consumers who claimed they were financially harmed by the data breach. That still could take some doing, as several media reports say an agreed-upon $10 million consumer settlement is being held up by a single plaintiff whose legal team believes consumer should be getting a bigger payout. Those reports suggest it could be months before that settlement is finalized.

Just as the legal wrangling carries on, so do security attacks affecting retailers. At the time of the Target data breach, in which 40 million cards were compromised, it was seen as a wake-up call — not just for retail — but for many other industries facing increasing security threats. It was supposed to serve as inspiration for companies to finally take data security threats seriously and invest heavily to prevent similar incidents.

What retailers need to realize is that security breaches are much more than PR crises to be managed. Retailers need to be forthcoming, re-assuring, responsive and responsible. All across their operations, retailers are making various investments with the aim of providing better customer experiences, but those efforts will go for naught if customers don't feel like retailers are willing to be honest with them — warts and all.